HCRG WORKFORCE SOLUTIONS LIMITED

HCRG Workforce Solutions

HCRG’s Workforce Solution operates using cloud based platforms and provide an end–to-end workforce solution for the coordination and management of your flexible workforces. Our service allows for the direct engagement of flexible resource pools, talent pooling, and provides analytical tools to drive increased efficiencies.

Features

• End-to-end recruitment technology & supporting managed service
• Specialist Healthcare worker on boarding module
• Integrated time & expense module
• End to End Procure to Pay Solution
• Bespoke management information suite
• Programme & account management
• Outsourced Bank Management
• E-rostering technology
• RPO- recruitment process outsourcing
• Consultancy Service

Benefits

• Allow clients to directly engage their workforce for all staffing
• Provide real time reporting allowing clients to manage their resource
• Integrate with e-rostering, bank modules, ESR, payroll and accounts payable
• Delivery of efficiencies and reduction in workloads
• Live tracking of financial data and expenditure of flexible workforce
• Allows flexibility to adapt to changing demand and market conditions
• Large-scale savings, rate reductions, cost management & efficiency gains
• 24/7 service with dedicated account staff and specialist consultants

£1.00 to £10.00 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@hcrg.uk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

883218324634718

Contact

Gary Taylor
020 7451 1451
tenders@hcrg.uk.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No there are no plans that may cause constraints to software use by Buyers. We maintain 99.9% uptime and with all planned maintenance notified in advance to Buyers, and completed in downtime periods.
• System requirements:
  • We fully scope all software requirements with Buyers.
  • Buyers can influence system requirements and data-flows.
  • Buyers only require access to the internet to utilise software.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Acknowledgement - within 2 working hours; Low level issues/support - within 24 working hours; Medium level issues/support - within 48 working hours; Technical level issues - within 14 working days
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Each Customer is allocated their own dedicated Account Management Team to provide on-site and remote support. The AMT act as first line contact/support for queries and day to day running of services/systems. The AMT are fully supported by technical teams for 2nd line queries and support.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Our dedicated Account Management Team will be based on-site and will start a very detailed Implementation scoping and planning exercise. This will address all aspects of Design & Configuration. Full support throughout the entirety of the project, mixed on-site and remote, will be provided by the Account Management team. Full training is delivered on-site to all users and as relevant to their role, and follows with additional online / refresh training.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Our Account Management Team will discuss with the Customer a fully detailed exit plan, including system/data/service transition in-house or to an alternative provider. In terms of data extracts, all data can be exported securely from the system and in any format requested by the Customer.
• End-of-contract process: Upon receipt of notice to terminate from a Customer, our Account Management Team will arrange a review meeting, during which our exit will be discussed, minutes recorded, and an Exit Plan developed, shared and agreed with the Customer (including key actions, involved persons, timelines and check/review points) - similar to an implementation plan in reverse.; ; The exit plan will be delivered over a 12 week period, unless a shorter period is defined by the Customer, and with agreed KPIs for each stage. After 12 weeks any additional services will be charged at the rate agreed during the initial Exit Meeting.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences and 100% functionality of the service is available via any smart and web enabled device with access to a WI-FI connection. Where a mobile is used, and off WI-FI (i.e. via mobile data or no connection), actions complete upon connectivity to WI-FI being available.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: 100% of all functionality is available via the system from any web enabled smart device and with a Wi-Fi connection. Users are issued with a unique login and password to gain initial access to the system, and which following 1st login prompts an immediate password change by the user to progress further into the system. All functionalities of the system, including configurations and development activities, are web based and with user permission levels linked to user access and to distinguish rights between users (and access to data/information).
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: All interface testing completed is compliant to EN 301 549 9 standards, and covers testing of various users with multiple needs and with the system capable of interfacing with all current and known software and accessibility readers to ensure maximum engagement and use by those with registered/unregistered disabilities and/or other conditions as covered under the Equality Act (i.e. sight impaired, deaf, neurodiverse conditions etc.).
• API: Yes
• What users can and can't do using the API: The Account Management Team will fully scope and determine all Customer and system needs for API integration, and which will be formally designed and planned within project and implementation plans. APIs enable the transfer of information and/or data, including updates, using one or two-way flows and between one or more systems, including third-party systems.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Large parts and functions of our system can be customised to a Customer/users needs, from data flows and automations within the system to data dashboards, reporting suites and analytics etc. For this, a dedicated Account Team is allocated to the Customer and who scope all needs and requirements, include bespoke preferences for customisation of services and solutions, and which is then designed within project ad implementation plans, including all testing to ensure customisations meet Customer requirements and expectations; and with continual reviews quarterly and annual to assure continuing suitability including annual improvement and development planning (generally and customer specific).

Scaling

• Independence of resources: Each Customer will have their own dedicated Account Management and Technical Team, so demand from other customers/clients for our services will not effect the Customer or Customer users, and the level of support offered will remain consistent throughout the contract/service duration period and as agreed with the Customer during implementation and/or post-stage review meetings. Our Technical Team provide 24/7 support, constantly monitoring the system, and immediately report to us any concerns so we have time to react and can proactively manage issues.

Analytics

• Service usage metrics: Yes
• Metrics types: • CPU; • HTTP request and response status; • Memory; • Network; • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can directly access, download and export all relevant data as per their user access level/permissions and on a self-access and self-use basis via the enhanced reporting and insights functionalities of the system - this which enables users to create, save and run bespoke/defined reports (and by selecting any/all data fields within the system) and as per the time-period defined by the user (i.e. adding start/end dates); and in user frendly/accessible formats (i.e. CSV/excel/PDF etc.)
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: We have 99.9% up time availability in all of our SLA's.
• Approach to resilience: This Document is available on request as it is more than 200 words.
• Outage reporting: All outages will be reported by the Technical Team via phone, and followed by email to confirm the verbal report provided (including date/time).

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: All restrictions are scoped out in the implementation stage by our Tech and account team, all user permissions are set and all individual users have their own log ins.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR Ltd
• ISO/IEC 27001 accreditation date: 11/04/2013
• What the ISO/IEC 27001 doesn’t cover: A.14.2.7 Outsourced Development; A.14.2.5 Secure system engineering principles
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Security Metrics
• PCI DSS accreditation date: 11/05/2023
• What the PCI DSS doesn’t cover: There are no exclusions - everything is covered.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 22301 Business Continuity & Management

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We are ISO 27001 accredited and as such adhere and follow all standards, policies, processes and protocols for information security, integrity & confidentiality. Equally, we are also Cyber Essentials and PCI Certificated, further assuring of the level and robustness of existing policy/process application. Evidence of compliance/adherence can be evidenced via independent/external audits by ISO awarding body since. 2013 to date.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Configuration Management Database (CMDB) is maintained through a combined process of automated and manual discoveries, ongoing monitoring, and updates, change management and physical validation by asset protection. Items within the CMDB are automatically linked to the Support Team ticketing system, which allows for granularity in the identification of assets which may be subject to change, incidents, problems, or service requests. Management of assets is evidenced during external assessments of our ISO20000 and ISO27001 certifications, undertaken by Lloyd's Register (LR). ISO20000.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability management activities are developed and implemented in accordance with established standards: ISO20000 for IT Service Management, and ISO27001 for Information Security Management. Both standards are regularly validated by external assessors.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our Technical Team undertakes such assessments daily, proposing and progressing actions necessary to ensure that vulnerabilities are not permitted to affect the service. Our Team ensures that records are maintained for vulnerabilities which have been fully addressed and those which remain outstanding pending the release of an appropriate solution from the client. Fixes to address new identified and evolving vulnerabilities takes place daily. After evaluation of the proposed deployment and design of the platforms, majority of vulnerabilities are mitigated without any risk to environments. Where vulnerabilities identified which require immediate action, clients will be informed.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have formal policies and segregated protocols for ISMS and Cyber Security incidents/alerts , including specific activities for identifying, remediating, and resolving security incidents. Evidence of this is provided during external ISO 20000 and ISO27001 audits for annual certification, and assessed and validated by an accreditor from the National Cyber Security Centre.; Any security incident detected via Protective Monitoring is investigated. Where appropriate, incidents are escalated to the Focused Incident Response Security Team. They are responsible for assessing the impact and ensuring correct actions are taken to contain and resolve the incident as swiftly as possible.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Wellbeing

  Fighting climate change

  We hold ISO14001 Environmental Management accreditation and commit to minimising the environmental impact of our operations and carbon footprint via developing an ethos for environmental responsibility and programs for improvement. We demonstrate our commitment by implementing:; ; • Learning programmes to upskill staff/increase knowledge to reinvest into contracts/service delivery and for relay to Customers/contracted workforces, including regular communication and promotion (via websites/social-media/blogs/feeds) of environmental practices, with tips/techniques/prompts to encourage others and self-sufficiency at home/work, i.e. we use air-purifying plants across all offices, and in one office a ‘Lettuce Wall’ where varieties of lettuce grow from the inside wall and which are free for staff/visitors etc.; • Extensive recycling schemes for all paper/card/plastic/glass and laptops/computer equipment/mobile/e-devices to WEE directives; • Green Policies to reduce CO2 by utilising environmentally friendly equipment/systems/vehicles (i.e. low energy/power saving laptops/printers/phone systems and sensor/automatic lighting/pneumatic taps), adopting public transport first policies, and promoting shared transport-to-work (i.e. car sharing/walk-to-work/cycle-to-work schemes).; • Flexible and remote/home working to reduce travel/transport/energy impacts/emissions; • New and smart technologies to better monitor, support and improve our existing environmental programs/initiatives and further reducing the impact of our activities on the environment; • Digitalisation of all paperwork/records/documentation to reduce use of paper.; • Annual business-impact-assessments to assess, and further reduce, impacts of activities/operations on land/water/air/visual/noise pollution and resource consumption.

  Wellbeing

  As an experienced provider of expert technology and workforce solutions, we are committed to supporting and promoting health/wellbeing through the following measures:; ; • Annual plans which organise/provide schedules of health/well-being communications/actions/activities, aligned to Our Health Plan and Mental Health at Work/Thriving at Work Standards. Informed by data/intelligence/research, best practice/innovation, workforce/stakeholder surveys, and includes monitoring/measuring targets/techniques to analyse impacts/improvements.; • Monthly e-Health calendars to relay actions/activities/support available, and promoting local/regional/national programs (i.e. dry January, brew Monday, cervical cancer/men’s health/stress awareness/love your lungs weeks, time-to-talk/world hearing/smoking cessation/cycle-to-work days etc.).; • Prioritise health/well-being/plans by communicating commitments from the top-down, enforced via senior ownership/accountability, with governance structures and review committees (to review/enhance/improve measures).; • Monitor health/wellbeing of whole-workforce using data capture/surveys/occupational health (anonymous)/absence data/return to work results and reason coding to identify negative/positive changes and effects/impacts.; • Think-tanks whereby stakeholders suggest improvements/changes across any area/department/business/operational function.; • Operate workplaces/cultures which consistently promote/offer healthy and good physical conditions, this includes:; o Using induction/supervision/review/appraisal processes which facilitate/enforce two-way conversations re: health/wellbeing/MH; o Visual cues encouraging people to stay active/connected/eat-well/healthily, i.e. posters re: sports participation/sponsorship or health-benefits using stairs not lifts (i.e. calories burned) and reminders at drink/vending machines to stay hydrated/positioning healthy snacks at eye level, organising walking lunches/breaks/meetings.

Pricing

• Price: £1.00 to £10.00 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@hcrg.uk.com. Tell them what format you need. It will help if you say what assistive technology you use.